Cyber threat awareness

“It's been said that knowledge is power – and when it comes to security intelligence, a lack of accurate information can be detrimental to separating real threats from hype.” –Vinny Gullotto, general manager, Microsoft Malware Protection Center

In covering trucking, I’ve always tended to focus on the “big stuff,” such as equipment (tractors and trailers), drivers, fuel, even freight itself. However, dealing with the technology that manages all this “big stuff” in the most efficient and profitable way hasn’t been my strong suit. Thing is, it’s this very area – the technological arena – that’s become both trucking’s greatest asset and biggest Achilles heel in the last few years.

Infecting a computer system with a “virus,” a “worm,” or some other sort of villainous software bug can literally cripple any business enterprise, trucking included. So much of the business world today (and that goes double for journalistic hacks like myself) relies on computers tethered to the Internet to get things done.

For me, it’s all about filing stories, editing and producing video reports, while zipping digital photos hither and yon literally sometimes seconds after taking them. For truckers, the stakes are much higher – delivering freight to the right location, keeping in touch with dispatch and home alike, even performing diagnostics on problems with the “big stuff” such as engine or transmission issues. Take trucking’s computers down, and Houston, we’ll REALLY have a problem.

And I’m not just talking about the big enterprise systems here, either: even stuff as “basic” as laptops (if you can describe them as such) plays a critical role in trucking’s world today, for drivers and carriers alike, so a computer virus or worm that disables or destroys their inner workings can be as devastating as losing a big mainframe.

That’s why information from sources such as Microsoft Corp.’s seventh volume of the Microsoft Security Intelligence Report (SIRv7) can be enlightening in terms of learning about what threats are stalking the cyber world. On the worrisome side, the company’s latest report finds that worm infections among its customer base rose by nearly 100% during the first half of 2009 over the preceding six months. Yet while what Microsoft calls “rogue security software” remains a major threat to customers, 20% fewer of them were affected by rogue infections during the past six months.

The reporting mechanisms for Microsoft’s SIRv7 report are really broad, as well, including: Microsoft's Malicious Software Removal Tool (MSRT) on 450 million computers worldwide; Bing, which performed billions of Web page scans during the past six months; Windows Live OneCare and Windows Defender, operating on more than 100 million computers worldwide; Forefront Online Protection for Exchange and Forefront Client Security, scanning billions of e-mail messages yearly; and Windows Live Hotmail, operating in more than 30 countries with hundreds of millions of active e-mail users.

Data from all of those sources gives a fairly thorough “big picture” view of the biggest worries out there in computer-land, along with some insight into emerging threats. Here’s some of what Microsoft’s research found:

• Ten years after the Melissa worm appeared and defined mass-mailing worms as a class of malicious threats, worm infections have resurged to become the second most prevalent threat for enterprises in the first half of 2009. Worms rely heavily on access to unsecured file shares and removable storage volumes, both of which are plentiful in enterprise environments.

• Conficker was the top worm threat detected for the enterprise, because its method of propagation works more effectively within a firewalled network environment. Conficker is not in the top 10 for consumers, because home computers are more likely to have automatic updating enabled. This further reiterates the need for enterprises to have a robust security update management program in place.

• The Taterf worm, with detections up 156% since the second half of 2008, targets massively multiplayer online role-playing games. These attacks rely less on social engineering to spread, and more on access to unsecured file shares and removable storage volumes – both of which are often plentiful in the enterprise. Taterf's impressive growth underscores the need for organizations to develop guidelines for removable drives (such as thumb drives) and evaluate how connections are made to outside machines.

• Rogue security software remained the single largest threat category for the first half of 2009. While there has been progress combating rogues, this threat remained a major pain point for computer users during the same period. Also known as scareware, rogue security software takes advantage of customers’ desire to keep their computers protected. Microsoft products and services removed rogue security software from more than 13 million computers worldwide, down from 16.8 million in the second half of 2008. Computer users are advised to use an anti-malware solution from a company they trust and to keep its threat definitions up to date.
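The worm bullets above keep coming back to one thing: removable storage. The hook on a removable drive is the autorun.inf file at its root, which is what the AutoPlay update Vinny Gullotto mentions later in this piece is meant to rein in. Conficker’s autorun.inf is the widely documented case: it set the action= text to Explorer’s own “Open folder to view files” and borrowed the folder icon from shell32.dll, so the AutoPlay dialog showed what looked like a harmless folder entry that actually launched the worm, and it padded the file with junk bytes to throw off simple scanners. The script below is an added example (mine, not Microsoft’s and not from the SIR report): it parses an autorun.inf the tolerant way, then reports which directives would execute a program and which are dressed up to imitate Explorer. The two sample files are constructed for the example, and the RECYCLER path in the worm-like one is a hypothetical stand-in, not a real sample.

```python
"""Flag autorun.inf directives that let a worm launch from a removable drive.

Added example, not from the SIR report or the article. Parses the [autorun]
section while tolerating the NUL bytes and junk lines worms padded their files
with, then reports directives that execute code and ones dressed up to look
like Explorer's own "Open folder to view files" entry.
"""
import re
from typing import Dict, List, Tuple

# Directives that execute a program when the volume is inserted or opened.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\.+\\command$")  # e.g. shell\open\command
FOLDER_ACTION_RE = re.compile(r"open folder to view files", re.I)


def parse_autorun(data: bytes) -> Dict[str, str]:
    """Return key/value pairs from the [autorun] section with lower-cased keys.

    A strict INI parser would choke on NUL bytes and non-text padding, which
    is exactly what the files worth inspecting contain, so parse by hand.
    """
    text = data.replace(b"\x00", b"").decode("latin-1")
    directives: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue  # padding, or a directive outside [autorun]
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key:
            directives.setdefault(key, value.strip())  # first occurrence wins
    return directives


def assess(directives: Dict[str, str]) -> Tuple[str, List[str]]:
    """Classify parsed directives and explain why."""
    launchers = [k for k in directives if k in EXEC_KEYS or SHELL_CMD_RE.match(k)]
    findings = [f"{k}={directives[k]!r} runs a program on insert or open" for k in launchers]
    if launchers:  # the disguise only matters when something actually launches
        if FOLDER_ACTION_RE.search(directives.get("action", "")):
            findings.append("action text mimics Explorer's own 'Open folder to view files' entry")
        if "shell32.dll" in directives.get("icon", "").lower():
            findings.append("icon taken from shell32.dll so the entry looks like a plain folder")
    return ("suspicious" if launchers else "benign"), findings


def scan(data: bytes) -> Tuple[str, List[str]]:
    return assess(parse_autorun(data))


# Constructed samples for this example; not taken from any real drive.
BENIGN = b"[autorun]\r\nlabel=Field Photos\r\nicon=photos.ico\r\n"
WORMLIKE = (
    b"\x00\x00garbage\xff\xfe\r\n"                 # junk padding before the real section
    b"[AutoRun]\r\n"
    b"Action=Open folder to view files\r\n"        # imitates Explorer's own AutoPlay entry
    b"Icon=%systemroot%\\system32\\shell32.dll,4\r\n"
    b"shellexecute=RECYCLER\\S-1-5-21-0\\update.exe\r\n"  # hypothetical path, not a real sample
    b"\x00junk line without equals\r\n"
    b"UseAutoPlay=1\r\n"
)

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("wormlike", WORMLIKE)):
        verdict, notes = scan(blob)
        print(f"{name}: {verdict}")
        for note in notes:
            print("  -", note)
```

The check is deliberately keyed on what would run, not on what the file looks like: a label and an icon alone are what a legitimate photo drive or install CD carries, while open=, shellexecute= or a shell\...\command directive is what turns a thumb drive passed between a driver’s laptop and a dispatch PC into a carrier for the worm.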

In contrast, the report highlights the significant decrease in Zlob disinfections (by the way, I LOVE these names – Zlob, Taterf – as they seem to come straight out of old Robert Heinlein sci-fi novels) from 21.1 million at its peak in 2007 to 2.3 million in the first half of 2009 – a remarkable tenfold decrease, Microsoft said.

So how do companies and individual computer users stay ahead of such “infections”? Microsoft’s researchers culled the best practices they found from around the world and shared some insights in the report:

• Japan has seen its infection rates remain relatively low. One reason is collaborations such as the Cyber Clean Center, a cooperative project between Internet service providers (ISPs), major security vendors and Japanese government agencies to educate users.

• Germany has also leveraged collaboration efforts with its computer emergency response team (CERT) and ISP communities to help identify and raise awareness of “botnet” infections and, in some cases, quarantined infected computers.

Central to the success in each of these regions is the growing trend of community-based defense, said Microsoft, in which the broader industry combines its collective strengths and intelligence to help defend computer users.

“Attackers have increasingly redirected their exploitation effort toward third-party applications and customer-developed internal applications,” noted Vinny Gullotto, general manager of Microsoft’s Malware Protection Center. “Ensure that policies are in place to help secure all file shares and regulate the use of removable media. Install AutoPlay update to help regulate automatic initiation of potentially dangerous removable media.”

In the end, I think, it also comes down to recognizing how critical computers and related technology are to keeping a trucking company’s enterprise up and running – for appreciating the significant role they play is the first step in establishing the proper mindset concerning computer security.